Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,294,582
Community Members
 
Community Events
165
Community Groups

Is there a plugin to show commits, PRs stats but not allowing access to the source code?

Hello everyone,

I see lots of plugins that offer fancy reports, and graphs to visualising stats based on a bitbucket repositories - e.g. commits per user, how quickly PRs are closed, etc.

All plugins I found are third party, and looking closely, they actually have full access to the source code.

Is there a reliable plugin that should not be concerned about leaking out source code to 3rd parties? I was looking for something written by Atlassian for example, but couldn’t find such.

Any suggestions are more than welcome.

 

Best,

Julian

1 answer

0 votes

Hi Julian,

I'm afraid that we don't have a plugin developed by Atlassian that shows such statistics.

If there is a certain plugin that you'd be interested in using, you can find its listing in Atlassian Marketplace and this listing usually has the contact details of the vendor. If you'd like, you can then contact the vendor with any questions regarding the privacy and security policies for their plugin.

Kind regards,
Theodora

Hi Theodora, thank you for the feedback.

 

I've contacted the vendors and of course all claim that they don't use the source code and only use the commits metadata to create  the stats.

We're looking for  a security mechanism that will actually prevent 3rd parties from reading the source code. Perhaps bitbucket does not allow such granularity.

 

For example:

awesome graphs - https://docs.stiltsoft.com/awesome-graphs/cloud/faq/privacy-policy:

 

Upon the installation of Awesome Graphs for Bitbucket Cloud (the “App”), you grant the Read access to the following REST API scopes: “repository”, “account”, “pullrequest”, “email”, “webhook”. The App receives access (i) to read repositories of the workspace in which the App is installed, their pull requests and account information, (ii) to read and modify repositories' webhooks, and (iii) to read the workspace’s name, members and its repositories.

 

Reading through this, they essentially gain access to everything in the repositories.

 

Best,

Julian

Hi Julian,

I'm afraid that we don't have such granularity in scopes, there is no scope that allows read access only to commits but not to the source code. I can open a feature request for that if you'd like for our development team to consider, please feel free to let me know if you'd like me to proceed with that.

Kind regards,
Theodora

This would be great Theodora, thank you.

I can't think of any other way to be able to rely on those tools security wise, they should have much limited scope.

Julian

Hi Julian,

Thank you for the feedback.

I went ahead and created the following feature request in our issue tracker:

You are more than welcome to leave any comments on that ticket as well. I would also suggest adding your vote (by selecting the Vote for this issue link) as the number of votes helps the development team and product managers better understand the demand for new features. You can also add yourself as a watcher (by selecting the Start watching this issue link) if you'd like to get notified via email on updates.

If you have any other questions, please feel free to let me know.

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

2,158 views 2 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you